Apache mod_negotiation is enabled


Kayran has found that mod_negotiation is enabled on your Apache.
mod_negotiation is an Apache module which is responsible for selecting the document that best matches the clients set of capabilities, from one of several available documents.
If a certain user uses an invalid accept header, the server will response with a 406 error which might contain directory listing.

All of it, can lead to the possibility of attackers learning more about their targets.
For example, it can help an attacker to find backup files, generate credentials and so on.


Simply disable the MultiViews directive from the Apache’s configuration file and restart Apache so the changes will take effect.




< Return to all Vulnerabilities

Crossing Scripts – XSS

Injections. SQL Injections. Cross-site Scripting (hence the amazing title “Crossing Scripts – XSS”). There all sorts of Injection-Based attacks, if you want to read about

Read More »